JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones
search filter icon
search icon

Document Information


Part I Resource Management

1.  Introduction to Solaris 10 Resource Management

2.  Projects and Tasks (Overview)

3.  Administering Projects and Tasks

4.  Extended Accounting (Overview)

5.  Administering Extended Accounting (Tasks)

6.  Resource Controls (Overview)

7.  Administering Resource Controls (Tasks)

8.  Fair Share Scheduler (Overview)

9.  Administering the Fair Share Scheduler (Tasks)

10.  Physical Memory Control Using the Resource Capping Daemon (Overview)

11.  Administering the Resource Capping Daemon (Tasks)

12.  Resource Pools (Overview)

13.  Creating and Administering Resource Pools (Tasks)

14.  Resource Management Configuration Example

15.  Resource Control Functionality in the Solaris Management Console

Part II Zones

16.  Introduction to Solaris Zones

Zones Overview

About Branded Zones

When to Use Zones

How Zones Work

Summary of Zone Features

How Non-Global Zones Are Administered

How Non-Global Zones Are Created

Non-Global Zone State Model

Non-Global Zone Characteristics

Using Resource Management Features With Non-Global Zones

Features Provided by Non-Global Zones

Setting Up Zones on Your System (Task Map)

17.  Non-Global Zone Configuration (Overview)

18.  Planning and Configuring Non-Global Zones (Tasks)

19.  About Installing, Halting, Cloning, and Uninstalling Non-Global Zones (Overview)

20.  Installing, Booting, Halting, Uninstalling, and Cloning Non-Global Zones (Tasks)

21.  Non-Global Zone Login (Overview)

22.  Logging In to Non-Global Zones (Tasks)

23.  Moving and Migrating Non-Global Zones (Tasks)

24.  Solaris 10 9/10: Migrating a Physical Solaris System Into a Zone (Tasks)

25.  About Packages and Patches on a Solaris System With Zones Installed (Overview)

26.  Adding and Removing Packages and Patches on a Solaris System With Zones Installed (Tasks)

27.  Solaris Zones Administration (Overview)

28.  Solaris Zones Administration (Tasks)

29.  Upgrading a Solaris 10 System That Has Installed Non-Global Zones

30.  Troubleshooting Miscellaneous Solaris Zones Problems

Part III lx Branded Zones

31.  About Branded Zones and the Linux Branded Zone

32.  Planning the lx Branded Zone Configuration (Overview)

33.  Configuring the lx Branded Zone (Tasks)

34.  About Installing, Booting, Halting, Cloning, and Uninstalling lx Branded Zones (Overview)

35.  Installing, Booting, Halting, Uninstalling and Cloning lx Branded Zones (Tasks)

36.  Logging In to lx Branded Zones (Tasks)

37.  Moving and Migrating lx Branded Zones (Tasks)

38.  Administering and Running Applications in lx Branded Zones (Tasks)



Features Provided by Non-Global Zones

Non-global zones provide the following features:


Once a process has been placed in a zone other than the global zone, neither the process nor any of its subsequent children can change zones.

Network services can be run in a zone. By running network services in a zone, you limit the damage possible in the event of a security violation. An intruder who successfully exploits a security flaw in software running within a zone is confined to the restricted set of actions possible within that zone. The privileges available within a zone are a subset of those available in the system as a whole.


Zones allow the deployment of multiple applications on the same machine, even if those applications operate in different trust domains, require exclusive access to a global resource, or present difficulties with global configurations. For example, multiple applications running in different shared-IP zones on the same system can bind to the same network port by using the distinct IP addresses associated with each zone or by using the wildcard address. The applications are also prevented from monitoring or intercepting each other's network traffic, file system data, or process activity.

Network Isolation

If a zone needs to be isolated at the IP layer on the network, for example, by being connected to different VLANs or different LANs than the global zone and other non-global zones, then for security reasons the zone can have an exclusive IP. The exclusive-IP zone can be used to consolidate applications that must communicate on different subnets that are on different VLANs or different LANs.

Zones can also be configured as shared-IP zones. These zones connect to the same VLANs or same LANs as the global zone and share the IP routing configuration with the global zone. Shared-IP zones have separate IP addresses, but share the other parts of IP.


Zones provide a virtualized environment that can hide details such as physical devices and the system's primary IP address and host name from applications. The same application environment can be maintained on different physical machines. The virtualized environment allows separate administration of each zone. Actions taken by a zone administrator in a non-global zone do not affect the rest of the system.


A zone can provide isolation at almost any level of granularity. See Non-Global Zone Characteristics for more information.


Zones do not change the environment in which applications execute except when necessary to achieve the goals of security and isolation. Zones do not present a new API or ABI to which applications must be ported. Instead, zones provide the standard Solaris interfaces and application environment, with some restrictions. The restrictions primarily affect applications that attempt to perform privileged operations.

Applications in the global zone run without modification, whether or not additional zones are configured.